Viewing all changes in revision 28.
- Committer: Bazaar Package Importer
- Date: 2007-12-04 00:04:35 UTC
- Revision ID: james.westby@ubuntu.com-20071204000435-7puqrad905ohse3q
* SECURITY UPDATE: improper bounds on static buffer results in stack-based
buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
enough memory in build/source/texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
checking in dvi2xx.*.
* References
CVE-2007-5935
CVE-2007-5936
CVE-2007-5937
buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
enough memory in build/source/texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
checking in dvi2xx.*.
* References
CVE-2007-5935
CVE-2007-5936
CVE-2007-5937
- files added:
- debian/patches/SECURITY_CVE-2007-5935.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
